RHEL 2.1 / 3 : cyrus-sasl (RHSA-2004:546)

Updated cyrus-sasl packages that fix a setuid and setgid application
vulnerability are now available.

[Updated 7th October 2004] Revised cyrus-sasl packages have been added
for Red Hat Enterprise Linux 3; the patch in the previous packages
broke interaction with LDAP.

The cyrus-sasl package contains the Cyrus implementation of SASL. SASL
is the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.

At application startup, libsasl and libsasl2 attempt to build a list
of all SASL plug-ins available on the system. To do so, the libraries
search for and attempt to load every shared library found within the
plug-in directory. This location can be set with the SASL_PATH
environment variable.

In situations where an untrusted local user can affect the environment
of a privileged process, this behavior could be exploited to run
arbitrary code with the privileges of a setuid or setgid application.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0884 to this issue.
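The flaw described above comes down to one decision: whether a library trusts an environment variable when the process that loaded it is running setuid or setgid. The following C snippet is an added illustration of that decision, not the vendor's patch or code from the cyrus-sasl project. It places the unsafe plug-in directory lookup (environment honoured unconditionally) beside a hardened one that falls back to a compiled-in directory whenever the real and effective user or group ids differ. The default path, the function names and the use of getuid()/geteuid() and getgid()/getegid() as the privilege check are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Compiled-in plug-in directory; a placeholder chosen for this example. */
#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"

/* Returns nonzero when the process holds privileges the invoking user
 * did not have, i.e. it was started from a setuid or setgid binary.
 * Using the real/effective id comparison is the example's assumption;
 * platforms that offer issetugid() can use that instead. */
int running_privileged(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Unsafe pattern: the environment decides where shared objects are
 * loaded from, regardless of who controls that environment. A
 * privileged process using this lookup would dlopen() whatever lives
 * in a caller-chosen directory. */
const char *plugin_dir_unsafe(const char *env_sasl_path) {
    if (env_sasl_path != NULL && env_sasl_path[0] != '\0')
        return env_sasl_path;
    return DEFAULT_PLUGIN_DIR;
}

/* Hardened pattern: SASL_PATH is only an override for unprivileged
 * processes. Once privilege has been gained, the environment is
 * ignored and the compiled-in directory is used. */
const char *plugin_dir_safe(const char *env_sasl_path, int privileged) {
    if (privileged)
        return DEFAULT_PLUGIN_DIR;
    return plugin_dir_unsafe(env_sasl_path);
}

/* Convenience wrapper that reads the live environment and process ids. */
const char *choose_plugin_dir(void) {
    return plugin_dir_safe(getenv("SASL_PATH"), running_privileged());
}

int main(void) {
    /* Constructed input: a directory an unprivileged caller might set. */
    const char *user_dir = "/home/user/sasl-plugins";

    printf("unsafe lookup, privileged=1 : %s\n", plugin_dir_unsafe(user_dir));
    printf("safe lookup,   privileged=1 : %s\n", plugin_dir_safe(user_dir, 1));
    printf("safe lookup,   privileged=0 : %s\n", plugin_dir_safe(user_dir, 0));
    printf("this process would use      : %s\n", choose_plugin_dir());
    return 0;
}
```

The same check belongs in any library that reads search paths from the environment (the dynamic loader applies the same rule to LD_LIBRARY_PATH). When auditing a setuid or setgid program, the question to ask of every getenv() call on a path variable is whether its result can reach dlopen(), exec, or a file write while privilege is still held.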

Users of cyrus-sasl should upgrade to these updated packages, which
contain backported patches and are not vulnerable to this issue.
